Years go by ... yet USAF still can't get its cyber doctrine right

I quote myself from a previous column when I say there can be no true cyber-war “until someone takes on the role of Phillip Meilinger. This person will write the definitive booklet on ‘Ten Propositions Regarding Cyber Power.’ It has to be taken seriously, too — no crackpots allowed.”

U.S. Air Force commanding general Norton Schwartz attempted something pretty close to my notion in his new doctrine for cyberspace operations. He calls it “Ten Things Every Airman Must Know.”

The only problem is … it’s actually six things every Airman must know, plus four things they must do. Oh, and it focuses on the Internet rather than on cyberspace. Study it closely and you’ll realize USAF’s top general got hoodwinked by the groupthink that cripples his cyber mater. Let’s review his “Ten Things” list:

Can the Penta­gon’s free anti­virus soft­ware in item #10 detect the mali­cious printers they men­tion in item #2?

The United States is vulnerable to cyberspace attacks by relentless adversaries attempting to infiltrate our networks at work and at home — millions of time a day, 24/7.

Our enemies plant malicious code, worms, botnets, and hooks in common websites, software, and hardware such as thumb­drives, printers, etc.

If you place a colon at the end of item #6 (like I did), the entire last half reads like a PowerPoint slide — complete with punctuation errors in items #8-9. Who wants to bet Major Mark D. Hedden wrote it?

Item #9 is not something “Every Airman Must Do.” The professionalmartial use of encryption demands arcane skills far beyond those of a CSA. The Pentagon centrally deploys & manages encryption with NSA guidance for this very reason.

The person who wrote item #9 doesn’t realize “the best encryption is transparent,” hence we can conclude (a) a non-expert wrote it and (b) these “Ten Things” didn’t go through a vetting process.

Worse: given the Wikileaks debacle, we must expect DoD officials will suspect treason if they discover a personally encrypted CD-ROM or a personally opened SSH tunnel.

Item #10 orders Airmen to load free antivirus software on their home computers. Believe it, folks: Air Force doctrine now directly impacts a dependent child‘s laptop. (Read it again, folks. It’s a lawful order written in the imperative and published as doctrine with the Air Force Chief of Staff’s name on it.)

“Memorize any policy that serves a mandate and was written by a craftsman. Forget any policy that survived a consensus and was pencil­whipped by a committee.”

It disturbs me that USAF continues to pump out grammatical errors in short documents with overarching policy, this time signed by a four-star general. And don’t even get me started on the use of acronyms like “CSA” for Powerbullet points that fit on less than one page…

“As cyber wingmen,” begins item #5. I can’t help but laugh at the notion of General Schwartz calling his troops “cyber wingmen.”

Item #9 of your “Ten Things” tells all cyber wingmen to use encryption. I’m curious what encryption you use. If it’s good enough for you, it’s good enough for me!

Schwartz:

Uh, is there a point to all this?

Rosenberger:

Actually, sir, I was about to ask you the very same question. But let me ask you this: can the free antivirus software you talked about in item #10 detect those malicious printers you talked about in item #2?